Re: [Freeipa-users] client setup failure
Hi

Way too time consuming and too much of a challenge. I will abandon IPA for now.. Thanks.

Might re-visit on F14 rc4 or something.

I think you really need to re-examine how you do your development. Too many things being developed and on a developing platform is stupidity IMHO. F15 itself is alpha code... crazy

regards

Steven

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 10:23 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> Hi,
>
> Thanks, but still no luck,
>
> Obviously dc0001 isn't the IPA server.
>
> [root@fed14-64-cli01 site-packages]# patch -p2< ~jonesst1/binFtBcaDVUoI.bin
> patching file ipaclient/ipadiscovery.py
> [root@fed14-64-cli01 site-packages]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
> Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
> This may mean that the remote server is not up or is not reachable
> due to network or firewall settings.
> [root@fed14-64-cli01 site-packages]#

We must have made other changes to this since rc3. You can try building the 2.0.0 rpms on F-14 using the F-15 src.rpm. You'd still need this patch though.

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> Hi,
>
> Thanks, but still no luck,
>
> Obviously dc0001 isn't the IPA server.
>
> [root@fed14-64-cli01 site-packages]# patch -p2< ~jonesst1/binFtBcaDVUoI.bin
> patching file ipaclient/ipadiscovery.py
> [root@fed14-64-cli01 site-packages]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
> Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
> This may mean that the remote server is not up or is not reachable
> due to network or firewall settings.
> [root@fed14-64-cli01 site-packages]#

We must have made other changes to this since rc3. You can try building the 2.0.0 rpms on F-14 using the F-15 src.rpm. You'd still need this patch though.

rob
Re: [Freeipa-users] client setup failure
Hi,

Thanks, but still no luck,

Obviously dc0001 isn't the IPA server.

[root@fed14-64-cli01 site-packages]# patch -p2 < ~jonesst1/binFtBcaDVUoI.bin
patching file ipaclient/ipadiscovery.py
[root@fed14-64-cli01 site-packages]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
[root@fed14-64-cli01 site-packages]#

regards

Steven

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 10:06 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

# cd /usr/lib/python2.7/site-packages
# patch -p2 < /path/to/freeipa-rcrit-758-client.patch

rob
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> From: Rob Crittenden [rcrit...@redhat.com]
> Sent: Wednesday, 30 March 2011 9:24 a.m.
> To: Steven Jones
> Cc: d...@redhat.com; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] client setup failure
>
> Steven Jones wrote:
>> What patch?
>>
>> and how do I apply it?
>
> You asked "What do I put in the python script as a work around?" and I
> pointed you to the patch in
> https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
>
> It is just a 2-liner, you should be able to easily make the changes by hand.
>
> rob
>
> 8><
>
> Interesting assumption... and no it could be Japanese or something I'm not a
> programmer.
>
> regards

# cd /usr/lib/python2.7/site-packages
# patch -p2 < /path/to/freeipa-rcrit-758-client.patch

rob
Re: [Freeipa-users] client setup failure
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:24 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> What patch?
>
> and how do I apply it?

You asked "What do I put in the python script as a work around?" and I pointed you to the patch in https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob

8><

Interesting assumption... and no it could be Japanese or something I'm not a programmer.

regards
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> What patch?
>
> and how do I apply it?

You asked "What do I put in the python script as a work around?" and I pointed you to the patch in https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob
Re: [Freeipa-users] client setup failure
What patch?

and how do I apply it?

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:16 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> [root@fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
> Retrieving CA from dc0001.ipa.ac.nz failed.
> Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
> [root@fed14-64-cli01 tmp]#
>
> So the client isn't appearing in the IPA web gui... so it's a total failure to
> join...

The patch hasn't been applied. It will cause the wget to be non-fatal, it will just log and return.

rob
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> [root@fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
> Retrieving CA from dc0001.ipa.ac.nz failed.
> Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
> [root@fed14-64-cli01 tmp]#
>
> So the client isn't appearing in the IPA web gui... so it's a total failure to
> join...

The patch hasn't been applied. It will cause the wget to be non-fatal, it will just log and return.

rob
Re: [Freeipa-users] client setup failure
[root@fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Retrieving CA from dc0001.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
[root@fed14-64-cli01 tmp]#

So the client isn't appearing in the IPA web gui... so it's a total failure to join...

regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> I used --force as well... it still ignores it

More information would be helpful. Ignores it how, what error messages do you get, etc.

rob
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> I used --force as well... it still ignores it

More information would be helpful. Ignores it how, what error messages do you get, etc.

rob
Re: [Freeipa-users] client setup failure
I used --force as well... it still ignores it

regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> uh OK... but why is it ignoring my --server and --domain ? and going to the
> dc for the certificate?
>
> This ticket still does not help me proceed

You need --force as well.

We try very hard not to hardcode values into the configuration files which is why we always autodiscover.

With the patch and --force it should push through and complete the installation.

rob
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> uh OK... but why is it ignoring my --server and --domain ? and going to the
> dc for the certificate?
>
> This ticket still does not help me proceed

You need --force as well.

We try very hard not to hardcode values into the configuration files which is why we always autodiscover.

With the patch and --force it should push through and complete the installation.

rob
Re: [Freeipa-users] client setup failure
uh OK... but why is it ignoring my --server and --domain ? and going to the dc for the certificate?

This ticket still does not help me proceed

regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> What do I put in the python script as a work around?

https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> What do I put in the python script as a work around?

https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

>
> regards
>
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com]
> Sent: Wednesday, 30 March 2011 8:29 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] client setup failure
>
> On 03/29/2011 03:26 PM, Steven Jones wrote:
>> Hi,
>>
>> The DNS is in AD so it can't be set to suit IPA
>>
>> I did as below and even with --force your script ignores these flags, it
>> insists on doing AD lookups and gets the AD info... and obviously the cert
>> isn't on the AD box.
>>
>> 8><
>>
>> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>> installation uses this DNS record in an autodiscovery of IPA server in
>> the given DNS domain.
>>
>> You may want to check the DNS record or set the domain and server
>> manually:
>>
>> # ipa-client-install --server= --domain=
>>
>
> That was the bug that we fixed last week.
> Rob, did it make the GA?
> Or the bits you are using are not GA.
>
>> Regards,
>> Martin
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
Re: [Freeipa-users] client setup failure
What do I put in the python script as a work around?

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:
> Hi,
>
> The DNS is in AD so it can't be set to suit IPA
>
> I did as below and even with --force your script ignores these flags, it
> insists on doing AD lookups and gets the AD info... and obviously the cert
> isn't on the AD box.
>
> 8><
>
> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> installation uses this DNS record in an autodiscovery of IPA server in
> the given DNS domain.
>
> You may want to check the DNS record or set the domain and server
> manually:
>
> # ipa-client-install --server= --domain=
>

That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

> Regards,
> Martin

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
Re: [Freeipa-users] client setup failure
Hi,

This is RC3 on F14 which seems to be the latest available for F14?, guess you need a rc4... not F15 with 2.0... that's alpha... I have enough bugs to battle with.

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:
> Hi,
>
> The DNS is in AD so it can't be set to suit IPA
>
> I did as below and even with --force your script ignores these flags, it
> insists on doing AD lookups and gets the AD info... and obviously the cert
> isn't on the AD box.
>
> 8><
>
> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> installation uses this DNS record in an autodiscovery of IPA server in
> the given DNS domain.
>
> You may want to check the DNS record or set the domain and server
> manually:
>
> # ipa-client-install --server= --domain=
>

That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

> Regards,
> Martin

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
Re: [Freeipa-users] client setup failure
Dmitri Pal wrote:
> On 03/29/2011 03:26 PM, Steven Jones wrote:
>> Hi,
>>
>> The DNS is in AD so it can't be set to suit IPA
>>
>> I did as below and even with --force your script ignores these flags, it
>> insists on doing AD lookups and gets the AD info... and obviously the cert
>> isn't on the AD box.
>>
>> 8><
>>
>> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>> installation uses this DNS record in an autodiscovery of IPA server in
>> the given DNS domain.
>>
>> You may want to check the DNS record or set the domain and server
>> manually:
>>
>> # ipa-client-install --server= --domain=
>>
>
> That was the bug that we fixed last week.
> Rob, did it make the GA?
> Or the bits you are using are not GA.

This is a different problem. The retrieval of the CA during discovery (which we always do) is causing the install to quit.

rob
Re: [Freeipa-users] client setup failure
On 03/29/2011 03:26 PM, Steven Jones wrote:
> Hi,
>
> The DNS is in AD so it can't be set to suit IPA
>
> I did as below and even with --force your script ignores these flags, it
> insists on doing AD lookups and gets the AD info... and obviously the cert
> isn't on the AD box.
>
> 8><
>
> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> installation uses this DNS record in an autodiscovery of IPA server in
> the given DNS domain.
>
> You may want to check the DNS record or set the domain and server
> manually:
>
> # ipa-client-install --server= --domain=
>

That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

> Regards,
> Martin

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
Re: [Freeipa-users] client setup failure
Hi,

I can't use --server or --domain the install script ignores those... it insists on going to AD for its info

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 2:41 a.m.
To: Martin Kosek
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Martin Kosek wrote:
> On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
>> On 2011-03-29, at 10:20, Martin Kosek wrote:
>>
>>> On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
>>>
>>> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>> installation uses this DNS record in an autodiscovery of IPA server in
>>> the given DNS domain.
>>
>> In AD managed zone that would be domain controller itself.
>>
>> pz
>
> You are right. In that case the autodiscovery has to be skipped and
> --server/--domain parameters need to be added to the client installation
> script manually.
>
> Martin

Yes, please try with --server as a workaround.

This is a rather tricky one. We fetch the IPA CA so we can make a TLS connection and gather some data for autodiscovery. I guess we need to make the failure to retrieve the CA non-fatal, I'm just not sure what other implications that will have.

I thought we passed along the provided server to autodiscovery so this wouldn't happen.

I've opened https://fedorahosted.org/freeipa/ticket/1135 to track this.

thanks

rob
Re: [Freeipa-users] client setup failure
How do I add these manually to the script?

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 29 March 2011 11:52 p.m.
To: tomasz.napier...@allegro.pl
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
> On 2011-03-29, at 10:20, Martin Kosek wrote:
>
> > On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
> >
> > What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> > installation uses this DNS record in an autodiscovery of IPA server in
> > the given DNS domain.
>
> In AD managed zone that would be domain controller itself.
>
> pz

You are right. In that case the autodiscovery has to be skipped and --server/--domain parameters need to be added to the client installation script manually.

Martin
Re: [Freeipa-users] client setup failure
Hi,

The DNS is in AD so it can't be set to suit IPA

I did as below and even with --force your script ignores these flags, it insists on doing AD lookups and gets the AD info... and obviously the cert isn't on the AD box.

8><

What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client installation uses this DNS record in an autodiscovery of IPA server in the given DNS domain.

You may want to check the DNS record or set the domain and server manually:

# ipa-client-install --server= --domain=

Regards,
Martin
Re: [Freeipa-users] client setup failure
Martin Kosek wrote:
> On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
>> On 2011-03-29, at 10:20, Martin Kosek wrote:
>>
>>> On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
>>>
>>> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>> installation uses this DNS record in an autodiscovery of IPA server in
>>> the given DNS domain.
>>
>> In AD managed zone that would be domain controller itself.
>>
>> pz
>
> You are right. In that case the autodiscovery has to be skipped and
> --server/--domain parameters need to be added to the client installation
> script manually.
>
> Martin

Yes, please try with --server as a workaround.

This is a rather tricky one. We fetch the IPA CA so we can make a TLS connection and gather some data for autodiscovery. I guess we need to make the failure to retrieve the CA non-fatal, I'm just not sure what other implications that will have.

I thought we passed along the provided server to autodiscovery so this wouldn't happen.

I've opened https://fedorahosted.org/freeipa/ticket/1135 to track this.

thanks

rob
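The precedence discussed in this message (a server given with --server is used instead of whatever the _ldap._tcp SRV record returns), sketched as an added example that is not part of the thread and is not FreeIPA's ipadiscovery.py code. The function names are hypothetical and the SRV answer lines are constructed sample data; only the hostnames and the ca.crt URL pattern come from the thread.

```python
# Added illustration, not FreeIPA's ipadiscovery.py. Function names are
# hypothetical; the SRV answers below are constructed sample data.

# Constructed answers in `dig +short SRV _ldap._tcp.ipa.ac.nz` form:
# "priority weight port target"; the last line is deliberately malformed.
SAMPLE_SRV = [
    "10 50 389 dc0001.ipa.ac.nz.",
    "0 100 389 dc0002.ipa.ac.nz.",
    "not an srv record",
]


def parse_srv(answers):
    """Return [(host, port)] ordered by priority, then by descending weight."""
    records = []
    for line in answers:
        parts = line.split()
        if len(parts) != 4:
            continue  # wrong field count
        try:
            prio, weight, port = (int(p) for p in parts[:3])
        except ValueError:
            continue  # non-numeric priority, weight or port
        records.append((prio, -weight, parts[3].rstrip(".").lower(), port))
    records.sort()  # simplified RFC 2782 ordering, no weighted randomisation
    return [(host, port) for _, _, host, port in records]


def choose_server(explicit_server, srv_answers):
    """Pick the server to enrol against; return (server, source, warnings)."""
    hosts = [host for host, _ in parse_srv(srv_answers)]
    if explicit_server:
        server = explicit_server.rstrip(".").lower()
        warnings = []
        if hosts and server not in hosts:
            warnings.append("SRV points to %s, not %s: zone is probably "
                            "managed elsewhere" % (", ".join(hosts), server))
        return server, "explicit", warnings
    if hosts:
        return hosts[0], "srv", []
    return None, "none", ["no SRV record found and no server given"]


def ca_cert_url(server):
    """URL pattern taken from the wget command in the failure output."""
    return "http://%s/ipa/config/ca.crt" % server


if __name__ == "__main__":
    for explicit in ("fed14-64-ipam001.vuw.ac.nz", None):
        server, source, warnings = choose_server(explicit, SAMPLE_SRV)
        print(source, ca_cert_url(server), warnings)
```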
Re: [Freeipa-users] client setup failure
On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
> On 2011-03-29, at 10:20, Martin Kosek wrote:
>
> > On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
> >
> > What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> > installation uses this DNS record in an autodiscovery of IPA server in
> > the given DNS domain.
>
> In AD managed zone that would be domain controller itself.
>
> pz

You are right. In that case the autodiscovery has to be skipped and --server/--domain parameters need to be added to the client installation script manually.

Martin
Re: [Freeipa-users] client setup failure
On 2011-03-29, at 10:20, Martin Kosek wrote:
> On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
>
> What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
> installation uses this DNS record in an autodiscovery of IPA server in
> the given DNS domain.

In AD managed zone that would be domain controller itself.

pz

--
Tomasz Z. Napierała
Systems Architecture Engineer, IT Infrastructure Department
Allegro Team
http://www.allegro.pl/

Grupa Allegro Sp. z o.o., with its registered office in Poznań, 60-324 Poznań, ul. Marcelińska 90, entered in the register of entrepreneurs kept by the District Court Poznań - Nowe Miasto i Wilda, 8th Commercial Division of the National Court Register, under KRS number 268796, with share capital of PLN 33 474 500, tax identification number NIP: 5272525995.
Re: [Freeipa-users] client setup failure
On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
> Trying to set up a fed14 client and since DNS is on the AD server (dc0002)
> there is no dns_discovery... so as per doc I ran the install and it should
> ask me for the info... but it fails with,
>
> Complete!
> [root@fed14-64-cli01 yum.repos.d]# ipa-client-install
> DNS discovery failed to determine your DNS domain
> Please provide the domain name of your IPA server (ex: example.com): ipa.ac.nz
> Retrieving CA from dc0002.ipa.ac.nz failed.
> Command '/usr/bin/wget -O /tmp/tmpzR381G/ca.crt http://dc0002.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 4
> [root@fed14-64-cli01 yum.repos.d]#
>
> So it's asking the dns server for the cert which doesn't have it instead of the
> ipa server... which does.
>
> I think the install script needs some work
>
> regards

What is the content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client installation uses this DNS record in an autodiscovery of IPA server in the given DNS domain.

You may want to check the DNS record or set the domain and server manually:

# ipa-client-install --server= --domain=

Regards,
Martin